Highlights from BlackHat Europe 2013 in Amsterdam

Every year as Europe wakes up from the cold winter to the warm days of spring, BlackHat traditionally descends to Amsterdam. This years conference is taking place on March 14-15 at the NH Grand Hotel Krasnapolsky, right Dam Square, the heart of Amsterdam. As spring doesnt necessarily equal warm days here in Europe right now, the 500 or so BlackHat participants hit the conference rooms to attend quite a few interesting talks. Heres a summary of the best talks at BlackHat Europe 2013.

The conference kicked off with a keynote delivered by Rickard “Rick” Falkvinge, founder of the Swedish Pirate Party. His talk “Shelters or windmills: the struggle for power and information advantage”e touched on a very important aspect of todays world the power of information and how information has been shaping the decisions of those who have it from monks in the distant past to governments and corporations nowadays. Rick pointed out how history repeats itself explaining there will always be efforts against the development of technologies that would enable masses to have access to that information, be it a printing press or a new technology such as the internet.


Keynote speech, aka ‘I don’t know how but I am a politician now’.

“A perfect crime? Only time will tell” talk by Tal Be’ery and Amichai Shulman showed how they took their 2012 CRIME (Compression Ratio Info-leak Made Easy) attack against SSL to a new level. This year theyve introduced TIME (Timing Info-leak Made Easy), which covers scenarios where CRIME had some limitations. While CRIME was solely aimed at HTTP requests, TIME is designed to attacker HTTP responses.

“Off-grid communications with Android meshing the mobile world” was an especially interesting session if you’re into mobile stuff. Josh Thomas and Jeff Robble presented the challenges of connecting Android devices directly to each other, in a headless dynamic mesh network, while actually doing it reliably, efficiently and most important of all, securely. Their project is called SPAN and stands for Smart Phone AdHoc Networks. It basically allows resilient communications between mobile devices without any existing infrastructure other than the devices themselves alone.


The lack of reliable network connectivity (no wonder) heavily stressed the live demo session :).

“Hardening Windows 8 Apps for the Store” by Marc Blanchou touched on the topics of security and privacy, two important concerns when it comes to the mobile world, from the perspective of Microsoft as a new player on a field already dominated by Android and iOS. Marc explained several changes in the architecture of Windows 8 apps, such as the way in which the system is taking care of important security aspects such as encrypted communications by transparently allowing the apps to access remote resources just like they would access local ones. Topics which were discussed included security implications of HTML5, backend services, cloud computing and WinRT.

Stefan Tanase and Stefano Ortolani

Highlights from BlackHat Europe 2013 in Amsterdam

Your email address will not be published. Required fields are marked *



Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Lazarus covets COVID-19-related intelligence

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that the Lazarus group is going after intelligence that could help these efforts by attacking entities related to COVID-19 research.

Sunburst: connecting the dots in the DNS requests

We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs.

Subscribe to our weekly e-mails

The hottest research right in your inbox